----- Original Message -----
Nikos Mavrogiannopoulos nmav@redhat.com writes:
The attached patch set introduces new APIs to access the TLS 1.0 and 1.2 PRFs as well as the HKDF (RFC 5869) function used in TLS 1.3.
Thanks, a few initial comments.
Are the TLS-1.0 and TLS-1.2 PRFs in any use outside of TLS?
I do not believe so.
and a comment in .bootstrap for the testsuite/.test-rules.make which I always seem to forget and spend an hour figuring out what is going on. Ideally .test-rules.make should depend on Makefile.in.
Have you tested if it works to just add that dependency?
No, I've thought of it while writing the email. Will check.
An alternative might be to drop support for non-GNU make programs, then one could probably write these as %-pattern rules directly in Makefile.in.
Could also be as it is hard today not to be able to use GNU make, though I may be partial on that.
I'd also suggest to rename the .bootstrap to bootstrap.sh as the latter is quite a convention to find in projects (.bootstrap is not even listed in ls).
Makes sense. There are references to the name .bootstrap in README and in .gitlab-ci.yml, any other place that would need updating?
I could not think of any.
+void +hkdf_extract(void *mac_ctx,
nettle_hmac_set_key_func *set_key,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
size_t digest_size,
size_t salt_size, const uint8_t *salt,
size_t secret_size, const uint8_t *secret,
uint8_t *dst)
+{
- set_key(mac_ctx, salt_size, salt);
- update(mac_ctx, secret_size, secret);
- digest(mac_ctx, digest_size, dst);
+}
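Review bot: hkdf_extract has no comment stating its contract, and the two adjacent (size, pointer) pairs for salt and secret are easy to swap at a call site. A short comment above the function should say that salt is used as the MAC key via set_key and secret as the message via update, that digest(mac_ctx, digest_size, dst) writes digest_size bytes so dst must be at least that large, and that digest_size is expected to be the full output length of the underlying hash so the extracted key is not truncated.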
This looks like a plain application of a mac, digest = MAC(salt, secret), is this really useful?
Right. It is only useful in the sense that when the protocol one is implementing requires hkdf-extract, one can simply call that function from nettle. We can add documentation there instead, or even a macro to avoid a function call.
Not sure about the typedef nettle_hmac_set_key_func, there's nothing hmac specific, besides key size being variable? And it's identical to nettle_hash_update_func, right?
When casting functions it can get tricky when using the same prototype to cast multiple types. I was using something similar in gnutls, and when you switched the types in nettle some functions remained the same, while others changed, and these common casts had hidden the issue for quite some time. I prefer function casts which target the particular family of functions being abstracted for safety (future safety in that case).
Also, since it seems the key is fixed, both in this function and below, I think it would be better to leave setting the mac key to the caller, and pass in a mac ctx with key already set. That would also be more consistent with the pbkdf2 code, and reduce the number of arguments.
That's interesting. That makes the hkdf_extract() seem even less useful. I'll submit an updated patch and add some documentation.
regards, Nikos
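
The design discussed in this message, HKDF-Extract as a plain MAC call on a context the caller has already keyed, sketched in Python as an added example (not code from the patch set or from nettle). The function names are this example's own, and the input is RFC 5869 test case 1 with HMAC-SHA256.

```python
import hashlib
import hmac


def hkdf_extract(keyed_mac, secret):
    """PRK = MAC(salt, secret). keyed_mac was keyed with the salt by the caller."""
    ctx = keyed_mac.copy()          # leave the caller's keyed context reusable
    ctx.update(secret)
    return ctx.digest()


def hkdf_expand(keyed_mac, info, length):
    """RFC 5869 expand step. keyed_mac was keyed with the PRK by the caller."""
    hash_len = keyed_mac.digest_size
    if length > 255 * hash_len:
        raise ValueError("requested output exceeds 255 * HashLen")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        ctx = keyed_mac.copy()      # restart from the keyed state each round
        ctx.update(block + info + bytes([counter]))   # T(n-1) | info | n
        block = ctx.digest()
        okm += block
        counter += 1
    return okm[:length]


def rfc5869_case1():
    """Run both steps on the RFC 5869 test case 1 input."""
    ikm = bytes([0x0B]) * 22
    salt = bytes(range(0x0D))           # 00 01 ... 0c
    info = bytes(range(0xF0, 0xFA))     # f0 f1 ... f9
    prk = hkdf_extract(hmac.new(salt, digestmod=hashlib.sha256), ikm)
    okm = hkdf_expand(hmac.new(prk, digestmod=hashlib.sha256), info, 42)
    return prk, okm


def empty_salt_matches_zero_salt(secret):
    """With HMAC, an empty salt and a HashLen string of zeros give the same PRK."""
    a = hkdf_extract(hmac.new(b"", digestmod=hashlib.sha256), secret)
    b = hkdf_extract(hmac.new(bytes(32), digestmod=hashlib.sha256), secret)
    return a == b


if __name__ == "__main__":
    prk, okm = rfc5869_case1()
    print(prk.hex())
    print(okm.hex())
```

With the key set by the caller, the extract step reduces to update plus digest, while the expand step still benefits from a helper because of the counter and chaining logic.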